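Although HAProxy is very stable, it cannot eliminate the risk of operating-system faults, host hardware failures, network failures, or even power outages. An HAProxy deployment therefore needs a high-availability scheme.
The following describes a hot-standby scheme for HAProxy built with Keepalived: two HAProxy instances on two hosts are online at the same time, the instance with the higher weight is the MASTER, and when the MASTER has a problem the other instance automatically takes over all traffic.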
1. Address plan
![Deploying an haproxy+keepalived high-availability load balancer_sed](//dev-img.mos.moduyun.com/20231020/44afd2e1-0628-4aa8-91f6-9c4b5a917c57.png)

| Role | IP address |
| --- | --- |
| haproxy+keepalive1 | 192.168.28.101 |
| haproxy+keepalive2 | 192.168.28.102 |
| VIP | 192.168.28.110 |
| harbor | 192.168.28.202 |
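1. Install the software with yum (if the server has no Internet access you can install from source instead; yum is used here for simplicity)
```bash
yum install keepalived haproxy -y
```
![Deploying an haproxy+keepalived high-availability load balancer_ipad_02](//dev-img.mos.moduyun.com/20231020/100653d5-083c-4595-9f41-391a47e3b85a.png)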
2. Disable the firewall and SELinux
Disable the firewall:
```bash
iptables -F && iptables -X && iptables -Z
systemctl stop firewalld.service && systemctl disable firewalld.service
```
Disable SELinux:
```bash
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
```
3. Configure time synchronization
```bash
# The package is named chrony; chronyd is the name of the service it installs
yum install chrony -y
cat > /etc/chrony.conf <<EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF
systemctl enable chronyd && systemctl start chronyd
```
3. Configure keepalived
Copy the VRRP template:
```bash
cp /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
```
Master node configuration
Edit the configuration as follows:
![Deploying an haproxy+keepalived high-availability load balancer_sed_03](//dev-img.mos.moduyun.com/20231020/558b5997-ce97-4939-a4c2-681030a2360f.png)
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110
    }
}
```
Backup node configuration
![Deploying an haproxy+keepalived high-availability load balancer_linux_04](//dev-img.mos.moduyun.com/20231020/ea979817-8c4c-4cc3-a1d0-c5b070141b5f.png)
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110
    }
}
```
Start the service:
```bash
systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
```
Master:
![Deploying an haproxy+keepalived high-availability load balancer_linux_05](//dev-img.mos.moduyun.com/20231020/0b4931e9-4c10-46dd-9a35-8f364bbca7be.png)
Backup:
![Deploying an haproxy+keepalived high-availability load balancer_linux_06](//dev-img.mos.moduyun.com/20231020/9929b1d4-f729-4339-8b8e-a9c05582c350.png)
4. Configure haproxy
The haproxy configuration is shown below.
The configuration is identical on the master and the backup:
```bash
scp /etc/haproxy/haproxy.cfg 192.168.28.101:/etc/haproxy/haproxy.cfg
```
```
#-------------- Global configuration ----------------
global
    log 127.0.0.1 local0 info
    #log loghost local0 info
    maxconn 20480
    #chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#-------------- Statistics page configuration ------------------
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#--------------- Web settings -----------------------
listen harbor-80
    bind *:80
    mode tcp
    server server1 192.168.28.201:80 check inter 3s fall 3 rise 3
listen harbor-443
    bind *:443
    mode tcp
    server server1 192.168.28.201:443 check inter 3s fall 3 rise 3
```
Start the service:
```bash
systemctl start haproxy && systemctl enable haproxy && systemctl status haproxy
```
![Deploying an haproxy+keepalived high-availability load balancer_ipad_07](//dev-img.mos.moduyun.com/20231020/fc48056b-3b0c-4ac2-bded-40eca339fcf6.png)
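As an added example (not part of the original article or of either project), the following Python check flags the settings in the keepalived and haproxy configurations above that are worth revisiting before production use: the VRRP shared secret, the absence of a `track_script` (without one, keepalived moves the VIP when the node or keepalived itself fails, not when only haproxy stops), and the statistics listener's binding, credentials and admin mode. The function names, finding labels and thresholds are assumptions of this example, and the sample inputs are constructed from the configs on this page.

```python
import re
# Constructed sample input: the security-relevant lines of the two configs above.
KEEPALIVED_CONF = """vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}"""
HAPROXY_CFG = """listen admin_stats
    bind 0.0.0.0:8189
    stats auth admin:admin
    stats admin if TRUE
listen harbor-443
    bind *:443"""
SECTIONS = ("global", "defaults", "listen", "frontend", "backend")

def audit_keepalived(text):
    """Return finding labels (hypothetical names) for a keepalived.conf."""
    findings = []
    m = re.search(r"^\s*auth_pass\s+(\S+)", text, re.M)
    if m and (len(m.group(1)) < 8 or len(set(m.group(1))) < 4):
        findings.append("weak-auth-pass")    # keepalived uses only the first 8 chars
    if not re.search(r"^\s*track_script\b", text, re.M):
        findings.append("no-track-script")   # a dead haproxy alone will not move the VIP
    return findings

def audit_haproxy(text):
    """Return (section, label) findings for each section that serves the stats page."""
    sections, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if words and words[0] in SECTIONS:
            current = sections.setdefault(" ".join(words[:2]), [])
        elif words and current is not None:
            current.append(words)
    findings = []
    for name, lines in sections.items():
        if not any(w[0] == "stats" for w in lines):
            continue                                   # not a stats listener
        for w in lines:
            if w[0] == "bind" and len(w) > 1 and w[1].split(":")[0] in ("", "*", "0.0.0.0"):
                findings.append((name, "stats-on-all-interfaces"))
            elif w[:2] == ["stats", "auth"] and len(w) > 2:
                user, _, pw = w[2].partition(":")
                if pw == user or len(pw) < 12:         # threshold is this example's choice
                    findings.append((name, "weak-stats-credentials"))
            elif w[:4] == ["stats", "admin", "if", "TRUE"]:
                findings.append((name, "stats-admin-unconditional"))
    return findings
```

Run both functions against the real `/etc/keepalived/keepalived.conf` and `/etc/haproxy/haproxy.cfg` contents on each node; an empty list from each means none of these conditions was found.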
5. Test the result
Normal operation
Open https://192.168.28.110/ to view the load-balanced address:
![Deploying an haproxy+keepalived high-availability load balancer_ipad_08](//dev-img.mos.moduyun.com/20231020/5283f4c6-ae06-4729-b96c-0819f3de9132.png)
master:
keepalived status:
![Deploying an haproxy+keepalived high-availability load balancer_sed_09](//dev-img.mos.moduyun.com/20231020/d51835d0-3667-4339-bce3-42b3e34456d5.png)
backup:
keepalived status:
![Deploying an haproxy+keepalived high-availability load balancer_linux_10](//dev-img.mos.moduyun.com/20231020/1262ff2e-17fb-4ba3-813b-4ed309f27f5a.png)
Shut down the master
backup:
keepalived status:
![Deploying an haproxy+keepalived high-availability load balancer_sed_11](//dev-img.mos.moduyun.com/20231020/7478b419-aeac-47a3-abf6-f8d6a3378e41.png)
Web access:
![Deploying an haproxy+keepalived high-availability load balancer_ipad_12](//dev-img.mos.moduyun.com/20231020/466d4eac-c492-4fe7-befd-88e90d5acedc.png)
haproxy page:
Switched to the backup's PID
![Deploying an haproxy+keepalived high-availability load balancer_sed_13](//dev-img.mos.moduyun.com/20231020/efc3aa5a-af91-49a7-9b00-569bb3e786b0.png)
Start the master
backup:
keepalived status:
![Deploying an haproxy+keepalived high-availability load balancer_sed_14](//dev-img.mos.moduyun.com/20231020/4a956ff6-8209-4606-8b65-4296a124cb28.png)
master:
keepalived status:
![Deploying an haproxy+keepalived high-availability load balancer_ipad_15](//dev-img.mos.moduyun.com/20231020/27aae13f-1176-44cd-a2ae-142abfde9ba9.png)
Web access is normal:
![Deploying an haproxy+keepalived high-availability load balancer_linux_16](//dev-img.mos.moduyun.com/20231020/5e2cf291-a680-4d1c-bcf5-526010ce499a.png)
haproxy page:
Switched to the master's PID
![Deploying an haproxy+keepalived high-availability load balancer_sed_17](//dev-img.mos.moduyun.com/20231020/343f6846-b199-4c2a-91f2-1560ef716a87.png)
This shows that the high-availability load balancer is working normally.